Repo Dorks

Here’s a handy list of Google Dorks for use when searching through (github) source code repositories to find sensitive data

  • SSH hosts and keys:
    site:github.com inurl:“known_hosts”“ssh-rsa”
  • Private encryption keys:
    site:github.com inurl:“id_rsa” -inurl:“pub”
  • Test configuration info:
    site:github.com inurl:“test” filetype:config
  • Ruby on Rails secure token:
    site:github.com inurl:secret_token.rb
  • Windows Azure account keys:
    site:github.com “;AccountKey=”filetype:config
  • Database connection config:
    site:github.com “;User Id=” filetype:config
  • Amazon Web Service access key (Java):
    site:github.com “AWS_ACCESS_KEY_ID” filetype:properties
  • Amazon Web Service access key (Other):
    site:github.com “AWS_ACCESS_KEY_ID” filetype:config
  • Bash command history:
    site:github.com filetype:bash_history
  • Account config data:
    site:github.com filetype:xml inurl:accounts.xml
  • SQL containing passwords:
    site:github.com filetype:sql where password
  • Django settings file:
    site:github.com inurl:settings.py

rabbitmq basics

A quick guide to some basics of running a RabbitMQ server:

Start the service:
service rabbitmq-server start

Remove the default ‘guest’ user:
rabbitmqctl delete_user guest

Set up a new user for administrative purposes:
rabbitmqctl add_user <admin_user> <password>
rabbitmqctl set_user_tags <admin_user> administrator

Set up a new user for the specific instance (vhost) you’ll be using:
rabbitmqctl add_vhost <vhostname>
rabbitmqctl add_user <username> <password>
rabbitmqctl set_permissions -p <vhostname> <username> "^<username>." "." ".*"

Check that everything looks OK:
rabbitmqctl list_vhosts
rabbitmqctl list_users
rabbitmqctl list_permissions -p dev
rabbitmqctl status